Potent DDoS attacks on Mt. Gox delay rollout of new virtual currency

Support of Litecoin is postponed as Bitcoin exchange struggles to stay online.

Mt. Gox, the world's largest Bitcoin exchange, is delaying plans to support a new form of virtual currency known as Litecoin following a series of debilitating Internet attacks that are growing increasingly powerful.

The most recent distributed denial-of-service (DDoS) attack to hit Mt. Gox came on Sunday, and it knocked the Tokyo-based exchange offline for four hours, officials said in a statement issued Wednesday. Unlike more traditional DDoS attacks, which flood websites' routers and servers with more junk data than they can handle, the latest assault targeted Web applications the Mt. Gox site uses to process and secure customer transactions. That's known as Layer 7, or the application layer, of the networking stack.

"What we are experiencing lately are 'Layer 7' DDoS attacks," the statement read. "Unlike your average DDoS (which overloads the servers with traffic to the sites as a whole) these are much more creative and harder to detect in that they target specific elements of the site and make it difficult to distinguish malicious traffic from normal traffic. The attackers' goal is to shut down the exchange, either thorough the DDoS itself, or by forcing Mt. Gox to take measures that have the same effect."

Enlarge/ An example from Mt. Gox of a recent 77 gigabit-per-second attack.

Mt. Gox

Mt. Gox officials didn't elaborate on the details, but the attacks are consistent with techniques that have emerged over the past 12 to 18 months. DDoS campaigns hitting more than a half-dozen of the world's largest banks over the past six months have used a relatively new tool known as "itsoknoproblembro." Attackers install it on powerful Web servers that they've commandeered and then use it to direct a rapidly changing array of methods that target multiple parts of a target's infrastructure.

The Layer 7 attacks frequently target sites' HTTP, and HTTPS protocols, which overwhelm the applications used to deliver webpages and cryptographically secure transactions. These "logic" applications are often prone to bottlenecks that are vulnerable to large and sudden torrents of data, especially when that data has been manipulated or corrupted. As Ars recently reported, one particularly potent attack targeted an unidentified site's login page by unleashing a script that entered a legitimate user name along with passwords that were known to be invalid. When repeated millions of times, the technique can overwhelm targeted systems as servers perform database lookups, report the authentication failure, and then record it in internal logs.

In light of the repeated attacks, Mt. Gox officials have decided to delay adding Litecoin, the digital currency competing with Bitcoin. Litecoin is based on the same peer-to-peer protocol as Bitcoin, but it targets a faster block rate, allowing it to be mined by people with consumer-grade equipment. Among other things, it uses scrypt as the primary hashing algorithm, making "proof-of-work" tasks easier to carry out on less-sophisticated computers than Bitcoin requires.

"We were planning on doing so two weeks ago, but events derailed that plan," the officials said in the statement. "Right now we are focused on overall stability of the exchange and will launch LTC when we are ready. Otherwise we could be further complicating things."

Company engineers are building an IT infrastructure and a new trading engine, which are slated to be completed by May and June respectively. The exchange has also contracted with Prolexic, a Florida-based provider of DDoS mitigation services. Mt Gox keeps at least 90 percent of its Bitcoin holdings in "cold storage," meaning they aren't available on the Internet. That means that even if hackers find a way to penetrate Mt. Gox servers, they will at most be able to steal only a fraction of the reserves. (DDoS attacks, while disruptive, don't give attackers the ability to breach a target's defenses or steal its assets.)

"Bitcoin and other cryptocurrencies are just now entering the consciousness of people around the world, and still have a long way to go towards greater acceptance," the statement said. "While these attacks are a nuisance and a disservice to all Bitcoin holders and enthusiasts, they are also part of the growing pains of this incredible new technology."

Promoted Comments

(DDoS attacks, while disruptive, don't give attackers the ability to breach a target's defenses or steal its assets.)

Maybe I missed it, but what IS the point of DDos'ing the site then? It's an honest question as I'm at a loss here. By causing all this internet disruption, by focusing one's time in DDos'ing this particular site, what is the payoff? What then is the underlying motivation for DDoS'ing these finical institutions?

Market manipulation? If you can time things right, I imagine there's something to it.

(DDoS attacks, while disruptive, don't give attackers the ability to breach a target's defenses or steal its assets.)

Maybe I missed it, but what IS the point of DDos'ing the site then? It's an honest question as I'm at a loss here. By causing all this internet disruption, by focusing one's time in DDos'ing this particular site, what is the payoff? What then is the underlying motivation for DDoS'ing these finical institutions?

Well, if you DDOS enough making transactions too difficult, the value will go down. Stop the DDOS, trades can now go through, making the value go up. This is overly simplistic, but what we are witnessing here is a currency war.

Well, if you DDOS enough making transactions too difficult, the value will go down. Stop the DDOS, trades can now go through, making the value go up. This is overly simplistic, but what we are witnessing here is a currency war.

Yes, that is a theoretical description of a large-scale attack against the entire Bitcoin currency system.

This is wholly distinct from what the article is describing and what's happening in reality and I'm astounded it was selected as an "Editor's Pick". It's amazing to see the lengths that Bitcoin supporters will go through to describe vast conspiracies by unnamed actors instead of the simpler explanation that Mt. Gox's operators artificially delay the market when large sell orders arrive in hopes that buy orders will cover and keep the price of bitcoin up.

Mt Gox is crying wolf and the community is lapping it up. The sheer complexity of timing a large scale DDoS attack to the arrival of sell orders by an outside party is far beyond any potential profit someone could reap. By an OUTSIDE party.

I think the appeal of Litecoins is that you might be one of the early adopters who get the lion's share of the coins. Probably a lot of the people who made a ton of money by jumping in Bitcoin early and dribbling their coins out over time have run out, and are looking to make a new gravy train.

Just a thought...are these attacks practice runs for the larger, real currency banks and trading companies? I mean it sounds like what used to be attacks on porn sites. You practice hacking their authentication passwalls and decrypting DBs and if you got caught it wasn't too big of a penalty unlike getting caught breaking into "legitimate" sites.

It seems both sides are using Bitcoin as their own Spanish Civil War to practice and improve their strategies.

(DDoS attacks, while disruptive, don't give attackers the ability to breach a target's defenses or steal its assets.)

Maybe I missed it, but what IS the point of DDos'ing the site then? It's an honest question as I'm at a loss here. By causing all this internet disruption, by focusing one's time in DDos'ing this particular site, what is the payoff? What then is the underlying motivation for DDoS'ing these finical institutions?

(DDoS attacks, while disruptive, don't give attackers the ability to breach a target's defenses or steal its assets.)

Maybe I missed it, but what IS the point of DDos'ing the site then? It's an honest question as I'm at a loss here. By causing all this internet disruption, by focusing one's time in DDos'ing this particular site, what is the payoff? What then is the underlying motivation for DDoS'ing these finical institutions?

Market manipulation? If you can time things right, I imagine there's something to it.

(DDoS attacks, while disruptive, don't give attackers the ability to breach a target's defenses or steal its assets.)

Maybe I missed it, but what IS the point of DDos'ing the site then? It's an honest question as I'm at a loss here. By causing all this internet disruption, by focusing one's time in DDos'ing this particular site, what is the payoff? What then is the underlying motivation for DDoS'ing these finical institutions?

Well, if you DDOS enough making transactions too difficult, the value will go down. Stop the DDOS, trades can now go through, making the value go up. This is overly simplistic, but what we are witnessing here is a currency war.

Bitcoin-specific hardware is now being made to enable much faster computation of the Bitcoin algorithm. Those that have been using GPUs to mine are finding themselves outclassed, because the difficulty is rising due to the new devices. Litecoin, since it uses scrypt, rather than sha256, will not run on this Bitcoin specific hardware.

I also have read that the Litecoin algorithm requires a greater amount of memory than Bitcoin, which means FPGAs, which typically do not have a great deal of memory internally, will have a more difficult time dominating the mining scene as they have in Bitcoin (with the next generation of ASIC devices being just now produced for Bitcoin). I'm sure that if Litecoin does well, the FPGA designers will add external DRAM to their designs, and the same goes for ASICs, but at least in the short term, it makes it more difficult for a few people to dominate the mining of Litecoin and push the difficulty up.

Litecoin also has a greater total number of coins that will be generated, and has faster confirmations, which should mean that transactions are resolved more quickly. I've been reading a bunch about this stuff lately, but if I am mistaken on any points, please let me know!

Edit: Shimme - I had not heard about Litecoin being an inflationary rather than deflationary currency in contrast to Bitcoin. Would you mind pointing me in the right direction to read more about it?

(DDoS attacks, while disruptive, don't give attackers the ability to breach a target's defenses or steal its assets.)

Maybe I missed it, but what IS the point of DDos'ing the site then? It's an honest question as I'm at a loss here. By causing all this internet disruption, by focusing one's time in DDos'ing this particular site, what is the payoff? What then is the underlying motivation for DDoS'ing these finical institutions?

Well, if you DDOS enough making transactions too difficult, the value will go down. Stop the DDOS, trades can now go through, making the value go up. This is overly simplistic, but what we are witnessing here is a currency war.

I suppose... one way around it is to bypass the internet and require use of old fashioned switched networks (such as a POTS/ISDN or some such- i don't imagine the data load for currency exchange to be particularly high).

I'm wondering.. is there anything about the design of IPv6 that can mitigate DDoS attacks?

So other then it being easier to mine Litecoins (and thus they're worth less), what benefits does Litecoin provide?

The difference is that litecoins will actually have inflation rather than the deflation of bit coins, discouraging people from "hoarding" them like you can with bit coins.

Wrong and wrong. Litecoins aren't worth less because they're easier to mine. They're worth less because they're still in the stage bitcoin was a year ago, giving out 50 per round (both cut this in half every four years), and fewer people are using litecoin. Their worth lies in market forces.

Both litecoin and bitcoin release a certain amount of coins on set intervals, the difference is that litecoin does so every ~2.5 minutes, and bitcoin does so every 10 minutes. So with litecoin, transactions will technically register faster. To counter the 4x increase, they also have a 4x increase on the total number of litecoin, so roughly 84 million litecoins will ever be mined. That means it's still not set up for inflation, the total number is finite, just like with bitcoin.

People tend to think that mining is a game of more horsepower == more coins found, which isn't the case. You only get more coins if your horsepower is higher than the relative horsepower of the pool, because the rewards are set. It's just a game of who gets them.

Also, litecoin isn't really easier to mine. It's designed to be harder by relying more on memory bandwidth, thus it pushes the advantage more toward the CPU, lowering the barrier to entry (It's all about your horsepower compared to the rest of the pool). Miners recently got GPU support, but they may never get ASIC support.

Well, if you DDOS enough making transactions too difficult, the value will go down. Stop the DDOS, trades can now go through, making the value go up. This is overly simplistic, but what we are witnessing here is a currency war.

Yes, that is a theoretical description of a large-scale attack against the entire Bitcoin currency system.

This is wholly distinct from what the article is describing and what's happening in reality and I'm astounded it was selected as an "Editor's Pick". It's amazing to see the lengths that Bitcoin supporters will go through to describe vast conspiracies by unnamed actors instead of the simpler explanation that Mt. Gox's operators artificially delay the market when large sell orders arrive in hopes that buy orders will cover and keep the price of bitcoin up.

Mt Gox is crying wolf and the community is lapping it up. The sheer complexity of timing a large scale DDoS attack to the arrival of sell orders by an outside party is far beyond any potential profit someone could reap. By an OUTSIDE party.

If BTC ever wants to be taken seriously, having the black hats come out to play havoc is required.

So you're saying that it's in Mt. Gox's best interest to get DDoS'd so they can prove to the world that they're worthy of being DDoS'd. That would make an awesome basis for a conspiracy theory.

I agree that blackhats coming to play is unavoidable. I just hope they stay a nuisance and don't cause to much actual havoc. Bitcoin already has a high knowledge barrier for entry as it is between media FUD and the technical basics behind the currency.

Also sometimes coincidences are just that: coincidences. In this case its more of a bonus. Its undeniable blackhats will go for the easy money and attack MtGox, but if they survive them all, it does add to their creditably. If MtGox wanted to prove more creditable to attacks - they would just use white/greyhats under their own supervision to test the system, and they certainly wouldn't do it 'live'.

As long as we're all speculating, what are the odds that there's a state actor behind this? If you can't legislate Bitcoin away, maybe you can create enough uncertainty around it that it never gets off the ground.

Well, if you DDOS enough making transactions too difficult, the value will go down. Stop the DDOS, trades can now go through, making the value go up. This is overly simplistic, but what we are witnessing here is a currency war.

Yes, that is a theoretical description of a large-scale attack against the entire Bitcoin currency system.

This is wholly distinct from what the article is describing and what's happening in reality and I'm astounded it was selected as an "Editor's Pick". It's amazing to see the lengths that Bitcoin supporters will go through to describe vast conspiracies by unnamed actors instead of the simpler explanation that Mt. Gox's operators artificially delay the market when large sell orders arrive in hopes that buy orders will cover and keep the price of bitcoin up.

Mt Gox is crying wolf and the community is lapping it up. The sheer complexity of timing a large scale DDoS attack to the arrival of sell orders by an outside party is far beyond any potential profit someone could reap. By an OUTSIDE party.

As long as we're all speculating, what are the odds that there's a state actor behind this? If you can't legislate Bitcoin away, maybe you can create enough uncertainty around it that it never gets off the ground.

I figured as soon as I heard that stores were thinking about accepting Bitcoin this would happen. It's probably the beginning of the end for Bitcoin. Whether its just hackers or some CIA plot, it was bound to happen sooner or later. Any currency that is designed expressly to allow bypassing transaction monitoring, and thus taxation, will be extinguished the instant it becomes even a whiff of a threat to sovereign powers (the ones with armies and laws).

Oh I am sure that people will always trade bitcoins.. but probably not at Starbucks because most people aren't looking to become speculators, they just want to buy stuff with a stable currency. If so many people had not talked about it as a currency, and just as any other tradable commodity like pork bellies, then maybe this would not have happened so soon.

"Web sites get DDOS'd, don't they, guv? For only a $10K ($100K? 1M?) a month, buy our DDOS protection plan. We can't guarantee that with it, your business won't get shut down, but we *can* guarantee that without it, you'll never see the Internet again."

Yes. The conspiracy theory that requires coordinating a worldwide botnet with sub-second timing from unnamed actors without a profit motive that can see internal actions on the exchange not visible to regular viewers is far less likely than Yet Another Bitcoin Exchange being run by crooks and liars.

Hope a second pass clears it up for you, but if that's just too complicated: First one's technically impossible and won't turn a profit, second has ridiculous precedent and a clear profit motive.

Well, if you DDOS enough making transactions too difficult, the value will go down. Stop the DDOS, trades can now go through, making the value go up. This is overly simplistic, but what we are witnessing here is a currency war.

Yes, that is a theoretical description of a large-scale attack against the entire Bitcoin currency system.

This is wholly distinct from what the article is describing and what's happening in reality and I'm astounded it was selected as an "Editor's Pick". It's amazing to see the lengths that Bitcoin supporters will go through to describe vast conspiracies by unnamed actors instead of the simpler explanation that Mt. Gox's operators artificially delay the market when large sell orders arrive in hopes that buy orders will cover and keep the price of bitcoin up.

Mt Gox is crying wolf and the community is lapping it up. The sheer complexity of timing a large scale DDoS attack to the arrival of sell orders by an outside party is far beyond any potential profit someone could reap. By an OUTSIDE party.

While my explanation has the evidence of being logical and backed by historical analysis of bitcoin trends, your theory... has nothing.

Mt Gox is crying wolf and the community is lapping it up. The sheer complexity of timing a large scale DDoS attack to the arrival of sell orders by an outside party is far beyond any potential profit someone could reap. By an OUTSIDE party.

Mt Gox's general position is that it's unregulated and can do what it wants. For example, in its recent Reddit AMA, it said "Employees are prohibited to trade on Mt Gox, but are allowed to have BTC. Obviously there's no insider trading law re: BTC." So employees can trade elsewhere, and friends and family can trade on Mt Gox using their inside information. If insider trading is ok, what about a little market manipulation?

If you watch the Reuters interview with Mark Karpeles, he states that each day Mt Gox has between $5 and $20 million incoming. At $10 million per day, and assuming 300 banking days a year, that would add up to $3 billion over a year. Most of that is staying in the exchange. Only verified traders can make large withdrawals and many traders are stuck in a long queue waiting to be verified and may not be given a high withdrawal limit once verified. When we're talking about such large sums of money, you'd think it ought to be regulated.

Quite wisely, Mt Gox is holding back on Litecoins. If I were Mt Gox, I wouldn't want to make it too obvious to my traders that there can be an unlimited number of virtual currencies. The Internet is often referred to as a giant replicating machine. But, it's not just straight replication. The Internet is a "mash up" machine as Mike Masnick might say. Now the idea is know to the world and the source code is available, there could be as many crypto-currencies as there are Linux distros. Or, as you only have the change the bootstrapping process for seed nodes to create a new disjoint Bitcoin network, there could be as many crypto-currencies as there are BitTorrent swarms.

Yes. The conspiracy theory that requires coordinating a worldwide botnet with sub-second timing from unnamed actors without a profit motive that can see internal actions on the exchange not visible to regular viewers is far less likely than Yet Another Bitcoin Exchange being run by crooks and liars.

Hope a second pass clears it up for you, but if that's just too complicated: First one's technically impossible and won't turn a profit, second has ridiculous precedent and a clear profit motive.

Look, if dumbasses can launch a ddos that can take spamhaus offline, it isn't a massive leap for dumbasses to be able to do the same thing here. I mean seriously. You have an unregulated exchange that works completely online and whose value changes as emotions do; it is a perfect storm for this type of manipulation.

Well, if you DDOS enough making transactions too difficult, the value will go down. Stop the DDOS, trades can now go through, making the value go up. This is overly simplistic, but what we are witnessing here is a currency war.

Yes, that is a theoretical description of a large-scale attack against the entire Bitcoin currency system.

This is wholly distinct from what the article is describing and what's happening in reality and I'm astounded it was selected as an "Editor's Pick". It's amazing to see the lengths that Bitcoin supporters will go through to describe vast conspiracies by unnamed actors instead of the simpler explanation that Mt. Gox's operators artificially delay the market when large sell orders arrive in hopes that buy orders will cover and keep the price of bitcoin up.

Mt Gox is crying wolf and the community is lapping it up. The sheer complexity of timing a large scale DDoS attack to the arrival of sell orders by an outside party is far beyond any potential profit someone could reap. By an OUTSIDE party.

Yeah, well, maybe you might want to learn more about trading. All I have to do is SHORT SELL Bitcoin, then I can make my DDOS any old time and flatten my position as the exchange comes back on line (which will be the bottom presumably, give or take). I can of course even switch to a long position at that point and make money on the upside too.

There's no rocket science in this. Anyone who knows a sudden price move is coming can easily profit from it.

EDIT: and as far as your allegation that Mt Gox is "artificially delaying the market", what does that mean? Are you suggesting that if I place a large sell order it doesn't go onto the book all at once? Actually if I were trading large orders on a small volume instrument like BC I wouldn't WANT my whole order displayed for exactly that reason. This is why some exchanges DO support display quantities (and why many institutional traders will use various strategies to place their orders to try to mask them). Thus it is very unlikely Mt Gox is doing what you allege. It would be entirely dishonest and probably illegal, and they don't really NEED to do that. A more likely scenario would be they might buy and sell themselves, acting as a market maker. Even that function is more likely segregated to a separate entity in today's markets, but BC markets are still a bit primitive.

I figured as soon as I heard that stores were thinking about accepting Bitcoin this would happen. It's probably the beginning of the end for Bitcoin. Whether its just hackers or some CIA plot, it was bound to happen sooner or later. Any currency that is designed expressly to allow bypassing transaction monitoring, and thus taxation, will be extinguished the instant it becomes even a whiff of a threat to sovereign powers (the ones with armies and laws).

Oh I am sure that people will always trade bitcoins.. but probably not at Starbucks because most people aren't looking to become speculators, they just want to buy stuff with a stable currency. If so many people had not talked about it as a currency, and just as any other tradable commodity like pork bellies, then maybe this would not have happened so soon.

I'm not sure you know much about bitcoin, but it is not "designed expressly to allow bypassing transaction monitoring." In fact, it is quite the opposite. All the code is open source, so you can see exactly how everything works. The blockchain is a public ledger that anyone can download, examine and study. The developers want you to play with it. All bitcoin transactions are recorded in the blockchain, and it cannot be extinguished "with armies and laws." Since it is a massively distributed peer-to-peer network, you'd have to shut down the entire internet to shut down bitcoin.

Sure, it isn't widely accepted yet, but last Tuesday, I bought dinner with bitcoins at Sake Zone in San Francisco (0.04 BTC for smoked salmon rolls and a large Asahi beer). Of course, it is most easily used for online transactions (WordPress blog hosting, VPN accounts, Wikileaks donations, etc.), but it was surprisingly simple to use at the cash register with my Android phone. The future is coming toward us much faster than I ever expected.

While my explanation has the evidence of being logical and backed by historical analysis of bitcoin trends, your theory... has nothing.

Disclosure: Never owned a bitcoin in my entire life.

Nothing except actual knowledge of what's being discussed. You're not even properly disambiguating between a theoretical attack on the entire Bitcoin cryptocurrency "difficulty" metric and the activities of a single exchange site. So forgive me if I don't give your "logic" much credence when it lacks basic material knowledge of the subject matter and appear perfectly willing to conflate ridiculously disparate concepts. If you knew what you were talking about I don't think you'd play so fast and loose with the terminology.

Regarding your other post about "if someone can DDoS spamhaus..." you're missing the context of why I said a DDoS is impractical. Stick with me, as I inform Alhazred about Mt Gox's trade delays, you too can learn why the "DDoS" explanation doesn't cover the strange happenings at that exchange. Anyone can DDoS, the strangeness comes from the timing.

EDIT: and as far as your allegation that Mt Gox is "artificially delaying the market", what does that mean? Are you suggesting that if I place a large sell order it doesn't go onto the book all at once?

It sure would be nice if the people pretending to rip my premises to shreds had a shadow of a clue what we were discussing. Mt Gox has a "trade delay," the expected time from when an order is submitted to the site until it posts. The official bitcoin IRC channel has a bot that responds with this time in SECONDS. If you didn't know that, and the fact that you're directly asking me for this precise information leads me to beleive you didn't, then I'm really curious how you think these mystical DDoSers are able to time their attacks.

The trade delay has a peculiar tendency to grow in direct proportion to the amount of sell orders. During heavy activity it can grow up to 10-15 minutes. During the April 10th crash, the delay was well over 1000 seconds. So the information available to all traders outside of the Mt Gox operators themselves was delayed by an unknown amount of up to 20 minutes. I find it hard to believe that with that much information being unknown that our mystery DDoSers could time an attack to the precise sub-second window that sell orders are hitting the market.

Now, all the above is fact. The following is speculation, read forth knowing that. If the trade delay grows in proportion to sell orders, but not buy orders, one explanation seems to explain that case. If the Mt Gox operators have a vested interest in the price of BTC going up, are making the market for that commodity, and are willing to manipulate that market, they could delay posting sell orders in the hopes that during the window of uncertainty, more buy orders could come in above the listed price and cover those sells in order to hide the price hit from people selling off and maintain a higher price.

This is wholly distinct from what the article is describing and what's happening in reality and I'm astounded it was selected as an "Editor's Pick". It's amazing to see the lengths that Bitcoin supporters will go through to describe vast conspiracies by unnamed actors instead of the simpler explanation that Mt. Gox's operators artificially delay the market when large sell orders arrive in hopes that buy orders will cover and keep the price of bitcoin up.

Mt Gox is crying wolf and the community is lapping it up. The sheer complexity of timing a large scale DDoS attack to the arrival of sell orders by an outside party is far beyond any potential profit someone could reap. By an OUTSIDE party.